1. Technical Field
The present invention relates to a communication device which executes encryption communication using a public key certificate, a communication system including such a communication device, and a program used in such a communication system.
2. Description of Related Art
Recently, as the use of network communication has expanded drastically, ensuring the security of communication has become critical. Electronic signatures and electronic authentication based on public key infrastructure (PKI) technology have been widely used.
An electronic signature using the public key method is generated by encrypting a hash value of the object data using a private key, so the public key corresponding to that private key is necessary to verify the electronic signature. Because the public key itself does not contain information about the key holder, a reliable third party issues a public key certificate which attests that the public key contained in the certificate belongs to the person noted in the certificate. Here, the reliable third party that issues a certificate is called a certificate authority (CA).
If the identification information contained in the public key certificate is no longer identical to the actual identification information because the identification information of the holder of the public key certificate (for example, IP address or host name) has changed, the public key certificate cannot be used. In this case, the communication device needs to request the CA to re-issue the public key certificate.
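The mismatch condition described above can be checked mechanically. The following is an added example, not part of the original document: it assumes the certificate is available in the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names, host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "printer-01.lan.example"),),),
    "subjectAltName": (
        ("DNS", "printer-01.lan.example"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _norm_host(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.strip().rstrip(".").lower()


def certified_identities(cert):
    """Return (hostnames, ip_addresses) listed in the certificate's subjectAltName."""
    hosts, ips = set(), set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            hosts.add(_norm_host(value))
        elif kind == "IP Address":
            # Parse to an address object so equivalent textual forms compare equal.
            ips.add(ipaddress.ip_address(value.strip()))
    return hosts, ips


def reissue_reasons(cert, current_host, current_ip):
    """List the identity mismatches that require asking the CA for re-issuance.

    Only identity kinds present in the certificate are checked; wildcard
    names are not handled in this example.
    """
    hosts, ips = certified_identities(cert)
    reasons = []
    if hosts and _norm_host(current_host) not in hosts:
        reasons.append("host name changed")
    if ips and ipaddress.ip_address(current_ip) not in ips:
        reasons.append("IP address changed")
    return reasons


if __name__ == "__main__":
    # The device was moved to a new address; the certificate no longer matches.
    print(reissue_reasons(SAMPLE_CERT, "printer-01.lan.example", "192.0.2.77"))
```

An empty list means the certificate still matches the holder's current identification information and no re-issuance request is needed.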
For example, a communication system configured so that the IP address and public key certificate of a host, which is a communication device in a LAN, are frequently changed (for each communication partner, for each session, or for each communication packet transmission) is disclosed in Japanese Patent Application Provisional Publication No. P2004-7512A. In the communication system, a CA that issues a public key certificate is set as a node in the LAN, and the host's user name, password and public key are registered in the CA. When the CA is requested by the host to issue a public key certificate, the host is verified based on the information registered in the CA, which prevents host spoofing.
However, in the configuration disclosed in Japanese Patent Application Provisional Publication No. P2004-7512A, frequent updates of the public key certificates increase network traffic because of the public key certificate issuance.